Bug 2446 - NT 4 Workstation can't join Samba domain on the fly.
Alias: None
Product: Samba 3.0
Classification: Unclassified
Component: smbldap-tools
Version: 3.0.11
Hardware: x86 Linux
Importance: P3 normal
Target Milestone: none
Assignee: Tournier Jerome
QA Contact: smbldap-tools team
Reported: 2005-03-14 09:48 UTC by Robert Czechowski
Modified: 2005-08-24 10:18 UTC
Description Robert Czechowski 2005-03-14 09:48:26 UTC
I have set up a small test network comprised of one NT 4 (SP6a) Workstation, one
Windows 2000 Pro (SP3) and one Fedora Core 3 running samba 3.0.11 as a PDC. I'm
using openLDAP 2.2.13 as the passdb backend with smbldap-tools 0.8.7-1. The
Windows 2000 Pro machine can join the domain on the fly without any problems,
but the NT 4 box gives me an error when I try to join: "The machine account for
this computer either does not exist or is inaccessible". In the samba log I can see:

[2005/03/09 13:15:26, 1] passdb/pdb_ldap.c:ldapsam_modify_entry(1479)
  ldapsam_modify_entry: Failed to modify user
dn=uid=nt4box$,ou=People,dc=economists-inc,dc=com with: No such attribute
        modify/delete: sambaPrimaryGroupSID: no such value
[2005/03/09 13:15:26, 0] passdb/pdb_ldap.c:ldapsam_update_sam_account(1694)
  ldapsam_update_sam_account: failed to modify user with uid = nt4box$,
error: modify/delete: sambaPrimaryGroupSID: no such value (Success)

In the smb.conf file I have: 

add machine script = /opt/IDEALX/sbin/smbldap-useradd -w '%u'

When I run ./smbldap-useradd -w 'test' by hand it creates an entry without
objectClass: sambaSamAccount:

# test$, People, economists-inc.com
dn: uid=test$,ou=People,dc=economists-inc,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
cn: test$
sn: test$
uid: test$
uidNumber: 1017
gidNumber: 515
homeDirectory: /dev/null
loginShell: /bin/false
description: Computer
gecos: Computer

The NT machine can join the domain after I run ./smbldap-useradd -w 'nt4box' and
then pdbedit -a -m -u 'nt4box', but not on the fly.
Comment 1 Gerald (Jerry) Carter (dead mail address) 2005-03-14 10:09:44 UTC
I can guarantee this works correctly in 3.0.11.  Probably a 
misconfiguration or bug in the smbldap-tools.  Reassigning.
Comment 2 Robert Czechowski 2005-03-15 13:05:16 UTC
I'm getting the same error with smbldap-tools-0.8.6-1 and smbldap-tools-0.8.5-3.
Comment 3 Tournier Jerome 2005-03-24 07:43:08 UTC
For NT4, the server's account belongs to the Domain User group.
Try to use the number 513 for the computer's account: in smbldap.conf, set the
following parameter:
> defaultComputerGid="513"
Comment 4 Tournier Jerome 2005-03-30 03:25:37 UTC
configuration problem for NT server
Comment 5 Gerald (Jerry) Carter (dead mail address) 2005-08-24 10:18:56 UTC
Sorry for the same, cleaning up the database to prevent unnecessary reopens of bugs.
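
Added example (not part of the bug report and not smbldap-tools code): a small Python check over an LDIF export that flags machine accounts lacking the sambaSamAccount object class, the condition shown in the description, or whose gidNumber differs from the 513 suggested in comment 3. The sample LDIF is constructed, and the function names and the expected_gid parameter are assumptions.

```python
# SAMPLE_LDIF is constructed: the first entry mirrors the one quoted in the
# description, the second is a hypothetical entry with the Samba object class.
SAMPLE_LDIF = """\
dn: uid=test$,ou=People,dc=economists-inc,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
uid: test$
gidNumber: 515

dn: uid=nt4box$,ou=People,dc=economists-inc,dc=com
objectClass: posixAccount
objectClass: sambaSamAccount
uid: nt4box$
gidNumber: 513
"""

def parse_ldif(text):
    """Return entries as dicts of lower-cased attribute name -> list of values."""
    entries, current = [], {}
    unfolded = text.replace("\n ", "")          # join LDIF continuation lines
    for line in unfolded.splitlines() + [""]:   # trailing "" flushes last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):          # skip LDIF comments
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def audit_machine_accounts(text, expected_gid="513"):
    """Map each incomplete machine account (uid ending in $) to its problems."""
    findings = {}
    for entry in parse_ldif(text):
        uid = entry.get("uid", [""])[0]
        classes = {c.lower() for c in entry.get("objectclass", [])}
        gid = entry.get("gidnumber", ["<none>"])[0]
        problems = []
        if "sambasamaccount" not in classes:
            problems.append("missing objectClass sambaSamAccount")
        if gid != expected_gid:                 # expected_gid is an assumption
            problems.append(f"gidNumber {gid}, expected {expected_gid}")
        if uid.endswith("$") and problems:
            findings[uid] = problems
    return findings

if __name__ == "__main__":
    print(audit_machine_accounts(SAMPLE_LDIF))
```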